From 1d878c2daaf913ad01c6d0bc2f247116c8050338 Mon Sep 17 00:00:00 2001 From: panda <542638787@qq.com> Date: Mon, 5 Jun 2023 16:29:36 +0800 Subject: [PATCH] Fix command injection in api-server for HTTP callback. v5.0.157, v6.0.48 --- trunk/doc/CHANGELOG.md | 2 ++ trunk/research/api-server/server.go | 14 +++++++++++--- trunk/src/core/srs_core_version5.hpp | 2 +- trunk/src/core/srs_core_version6.hpp | 2 +- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/trunk/doc/CHANGELOG.md b/trunk/doc/CHANGELOG.md index 294d048c5..99770a6b3 100644 --- a/trunk/doc/CHANGELOG.md +++ b/trunk/doc/CHANGELOG.md @@ -8,6 +8,7 @@ The changelog for SRS. ## SRS 6.0 Changelog +* v6.0, 2023-06-05, Fix command injection in demonstration api-server for HTTP callback. v6.0.48 * v6.0, 2023-06-05, Merge [#3565](https://github.com/ossrs/srs/pull/3565): DTLS: Use bio callback to get fragment packet. v6.0.47 (#3565) * v6.0, 2023-05-29, Merge [#3513](https://github.com/ossrs/srs/pull/3513): SSL: Fix SSL_get_error get the error of other coroutine. v6.0.46 (#3513) * v6.0, 2023-05-14, Merge [#3534](https://github.com/ossrs/srs/pull/3534): Replace sprintf with snprintf to eliminate compile warnings. v6.0.45 (#3534) @@ -61,6 +62,7 @@ The changelog for SRS. ## SRS 5.0 Changelog +* v5.0, 2023-06-05, Fix command injection in demonstration api-server for HTTP callback. v5.0.157 * v5.0, 2023-06-05, Merge [#3565](https://github.com/ossrs/srs/pull/3565): DTLS: Use bio callback to get fragment packet. v5.0.156 (#3565) * v5.0, 2023-05-29, Merge [#3513](https://github.com/ossrs/srs/pull/3513): SSL: Fix SSL_get_error get the error of other coroutine. v5.0.155 (#3513) * v5.0, 2023-05-13, Merge [#3541](https://github.com/ossrs/srs/pull/3541): asan: Fix memory leak in asan by releasing global IPs when run_directly_or_daemon fails. v5.0.154 (#3541) diff --git a/trunk/research/api-server/server.go b/trunk/research/api-server/server.go index 8942d8c41..aa379528b 100644 --- a/trunk/research/api-server/server.go +++ b/trunk/research/api-server/server.go @@ -400,10 +400,18 @@ func (v *SnapshotJob) do(ffmpegPath, inputUrl string) (err error) { normalPicPath := path.Join(outputPicDir, fmt.Sprintf("%v", v.Stream)+"-%03d.png") bestPng := path.Join(outputPicDir, fmt.Sprintf("%v-best.png", v.Stream)) - param := fmt.Sprintf("%v -i %v -vf fps=1 -vcodec png -f image2 -an -y -vframes %v -y %v", ffmpegPath, inputUrl, v.vframes, normalPicPath) - log.Println(fmt.Sprintf("start snapshot, cmd param=%v", param)) + params := []string{ + "-i", inputUrl, + "-vf", "fps=1", + "-vcodec", "png", + "-f", "image2", + "-an", + "-vframes", strconv.Itoa(v.vframes), + "-y", normalPicPath, + } + log.Println(fmt.Sprintf("start snapshot, cmd param=%v %v", ffmpegPath, strings.Join(params, " "))) timeoutCtx, _ := context.WithTimeout(v.cancelCtx, v.timeout) - cmd := exec.CommandContext(timeoutCtx, "/bin/bash", "-c", param) + cmd := exec.CommandContext(timeoutCtx, ffmpegPath, params...) if err = cmd.Run(); err != nil { log.Println(fmt.Sprintf("run snapshot %v cmd failed, err is %v", v.Tag(), err)) return diff --git a/trunk/src/core/srs_core_version5.hpp b/trunk/src/core/srs_core_version5.hpp index 982777dba..7c9752a0b 100644 --- a/trunk/src/core/srs_core_version5.hpp +++ b/trunk/src/core/srs_core_version5.hpp @@ -9,6 +9,6 @@ #define VERSION_MAJOR 5 #define VERSION_MINOR 0 -#define VERSION_REVISION 156 +#define VERSION_REVISION 157 #endif diff --git a/trunk/src/core/srs_core_version6.hpp b/trunk/src/core/srs_core_version6.hpp index 4f6b719fb..4d2de5ddb 100644 --- a/trunk/src/core/srs_core_version6.hpp +++ b/trunk/src/core/srs_core_version6.hpp @@ -9,6 +9,6 @@ #define VERSION_MAJOR 6 #define VERSION_MINOR 0 -#define VERSION_REVISION 47 +#define VERSION_REVISION 48 #endif